Original Publication Date: 25-08-2014
On 22nd August 2014, the OpenSSL team released an update for their popular SSL/TLS package, which fixed the OpenSSL SRP Buffer Overrun Vulnerability. Only applications that are explicitly set up for SRP use are affected. Cyberoam recommends that all customers upgrade OpenSSL 1.0.1 SSL/TLS versions to 1.0.1i. For more information, please refer to SRP Buffer Overrun Vulnerability.
Note: Cyberoam Threat Research Labs is currently studying this vulnerability and shall announce a remedial solution shortly. Once we have the solution, the advisory will be updated.
What is the OpenSSL SRP Buffer Overrun Vulnerability?
· OpenSSL 1.0.1 versions prior to 1.0.1i